June 17, 2010

Microsoft, the National Cyber-Forensics and Training Alliance, Accuity, the American Bankers Association, the Anti-Phishing Working Group, Citizens Bank, eBay, the Federal Trade Commission, the National Consumers League and PayPal have joined forces to release a program today called Internet Fraud Alert. This will offer a mechanism for reporting stolen account credentials discovered online — such as username and password login information for online services or compromised credit card numbers — to the appropriate institution responsible for that account. The centralized alerting system was devised by Microsoft.

The program will go into effect immediately. It should help security researchers and investigators share information with service providers, retailers, financial institutions and government entities about incidents where compromised account credentials have been discovered.

“Citizens Bank is excited about the opportunity to partner with Microsoft, law enforcement, the National Cyber-Forensics and Training Alliance, and others to help build an innovative framework to rapidly address cyberthreats by combining knowledge and resources to enhance consumer trust when conducting business online,” said Lin Abbott, vice president and chief information security officer at Citizens Bank.

Phishing and malicious code attacks pose a serious threat to consumer identity and account credentials. In 2009, the Anti-Phishing Working Group received more than 410,000 unique phishing e-mail reports, and recent data from the group show that the number of brands being exploited by phishers is at an all-time high.

Microsoft is donating its reporting tool to the NCFTA, a nonprofit organization dedicated to facilitating public-private partnerships between industry, law enforcement and academia on cybersecurity issues. Accuity, a provider of global payment routing data, has donated a solution to assist NCFTA with the vetting of trusted institutions for participation in the program to help ensure the integrity of the alerting process.

ABOUT THE AUTHOR